Skip to main content
CallTower Solutions Center

Firewall Settings

The following firewall changes are recommended to help ensure quality when using Skype4B.

Note that these recommendations apply to outbound traffic. We are not asking you to poke holes in your firewall. 

IP

Description

Ports

205.196.169.141
205.196.169.142
205.196.169.154
205.196.169.165
205.196.169.47
205.196.169.48
205.196.173.30
205.196.173.31
205.196.173.32
205.196.173.32
205.196.173.33
205.196.173.34
205.196.173.35
205.196.173.35
205.196.173.43
205.196.173.46
205.196.173.49
205.196.173.55
205.196.174.32
205.196.174.35
205.196.174.43
205.196.174.46
205.196.174.49
205.196.174.55
63.128.106.132
63.128.106.135
63.128.106.143
63.128.106.146
63.128.106.149
63.128.106.155
67.213.189.101
67.213.189.104
67.213.189.107
67.213.189.110
67.213.189.131
67.213.189.132
67.213.189.141
67.213.189.142
67.213.189.148
67.213.189.149
67.213.189.155
67.213.189.156
67.213.189.162
67.213.189.163
67.213.189.26
67.213.189.29
67.213.189.32
67.213.189.73
67.213.189.76
67.213.189.79
67.213.189.89
67.213.189.92
67.213.189.95
67.213.189.98
SIP TCP: 443, 4443, 5061, 5269
205.196.169.145
205.196.169.146
205.196.169.168
205.196.169.169
205.196.169.51
205.196.169.52
205.196.173.34
205.196.173.37
205.196.173.42
205.196.173.43
205.196.173.44
205.196.173.45
205.196.173.45
205.196.173.46
205.196.173.47
205.196.173.48
205.196.173.51
205.196.173.57
205.196.174.34
205.196.174.37
205.196.174.45
205.196.174.48
205.196.174.51
205.196.174.57
63.128.106.134
63.128.106.137
63.128.106.145
63.128.106.148
63.128.106.151
63.128.106.157
67.213.189.100
67.213.189.103
67.213.189.106
67.213.189.109
67.213.189.112
67.213.189.135
67.213.189.136
67.213.189.145
67.213.189.146
67.213.189.152
67.213.189.153
67.213.189.159
67.213.189.160
67.213.189.166
67.213.189.167
67.213.189.28
67.213.189.31
67.213.189.34
67.213.189.75
67.213.189.78
67.213.189.81
67.213.189.91
67.213.189.94
67.213.189.97
Audio/Video TCP: 443; 40000-65535/UDP: 3478; 40000-65535
205.196.169.143
205.196.169.144
205.196.169.166
205.196.169.167
205.196.169.51
205.196.169.52
205.196.173.33
205.196.173.36
205.196.173.36
205.196.173.37
205.196.173.38
205.196.173.39
205.196.173.40
205.196.173.41
205.196.173.44
205.196.173.47
205.196.173.50
205.196.173.56
205.196.174.33
205.196.174.36
205.196.174.44
205.196.174.47
205.196.174.50
205.196.174.56
63.128.106.133
63.128.106.136
63.128.106.144
63.128.106.147
63.128.106.150
63.128.106.156
67.213.189.102
67.213.189.105
67.213.189.108
67.213.189.111
67.213.189.133
67.213.189.134
67.213.189.143
67.213.189.144
67.213.189.150
67.213.189.151
67.213.189.157
67.213.189.158
67.213.189.164
67.213.189.165
67.213.189.27
67.213.189.30
67.213.189.33
67.213.189.74
67.213.189.77
67.213.189.80
67.213.189.90
67.213.189.93
67.213.189.96
67.213.189.99
Conferencing TCP: 443
205.196.169.140
205.196.169.170
205.196.169.53
205.196.173.147
205.196.173.154
205.196.173.161
205.196.173.41
205.196.173.61
205.196.173.62
205.196.173.63
205.196.174.41
205.196.174.61
205.196.174.62
205.196.174.63
63.128.106.141
63.128.106.161
63.128.106.162
63.128.106.163
67.213.189.130
67.213.189.140
67.213.189.147
67.213.189.154
67.213.189.161
67.213.189.39
67.213.189.45
67.213.189.48
67.213.189.49
67.213.189.50
67.213.189.51
Web Services TCP: 80, 443
There are no server IPs to whitelist here. This is for peer to peer (P2P) content sharing, where media passes directly from one user to the other. Client to Client Application Sharing TCP: 42000-42039 / UDP: 42000-42039
There are no server IPs to whitelist here. This is for peer to peer (P2P) content sharing, where the file passes directly from one user to the other. Client to Client File Sharing TCP: 42040-42079 / UDP: 42040-42079
There are no server IPs to whitelist here. This is for peer to peer (P2P) content sharing, where media passes directly from one user to the other. Client Media TCP: 5350-5389 / UDP: 5350-5389

205.196.172.152
205.196.172.154
69.4.184.170
69.4.184.172

Hardware Phone Firmware Updates: Polycom, Yealink TCP: 80, 443, 20, 21, 7000-8000
  • It is recommended to also whitelist the domain ct950.com on your network as well as specifying the IP addresses
  • Another more flexible approach would be to simply whitelist the following networks since we can and will add servers over time to multiple locations.
    • 205.196.169.0/24
    • 205.196.173.0/24
    • 205.196.174.0/25
    • 67.213.189.0/24
    • 63.128.106.128/26
  •  If a "Sonic Firewall" or other is being used with "DPI" Deep Packet Inspection, it is recommended to disable this feature for Voice Traffic.       All Skype traffic is Encrypted Data traffic and this feature isn't necessary, also it will interfere with Skype/Voice services and cause QOS issues.  
  • If your router is not configured for the new traffic protocols that Skype for Business (Lync) will introduce to your network, you could experience packet loss, dropped calls and jitter. You must make sure that SIP inspection or SIP ALG (Application level gateway) are disabled on your routers and firewalls to prevent this from happening. You may need to contact your ISP to have this done, but make sure this is completed prior to deployment. These features in routers are intended to block SIP traffic and will interfere with Skype for Business (Lync) communications.
  • It is also recommended to turn of any sort of Certificate Decryption for traffic destined to the IP ranges listed above.